I think this is a general question that would apply to all Android phones though I have a HTC Desire Z.

I cannot find a section on any of the settings to change the password for the Google account used for gmail, Android Market or any of the other google account dependent services and features on the phone. Surely this is a glaring omission?

I would expect a feature to be present on the phone and for extra security, have it ask me for the existing password in order to allow me to change to a new one.

Obviously I can change the password when logged into Google in a browser on a PC/Mac but this is an unnecessary procedure - surely we are all becoming increasingly mobile-centric, so shouldn't it be possible to change it on the phone?

I have searched here and on Google, the only answers I can find are things like:

people who need to enter the new password on the phone after changing it to this new password when on a PC or Mac logged into Google on a browser for example.

people who want to change their actual google account, i.e. use a different one

But I can't find anything about a section on the phone itself to change the password for Gmail,Android Market and other google account dependent services and features on the phone!

yes true - this is definitely a possibility if you use Dolphin browser Agent set to Desktop to access gmail.
–
therobyouknowJul 23 '12 at 8:15

1

I can from my regular Android browser as well. I can click "Desktop" at the bottom to request desktop version of the site or in ICS I can click menu to request desktop version of the site.
–
roxanJul 23 '12 at 8:22

Accepted answer. I can work with this and @Richard Borcsik's comments are worth bearing in mind too.
–
therobyouknowJul 24 '12 at 11:20

No! No! NO! DON'T YOU DARE!

Your phone doesn't know your password. When you log in it is issued an (oath?) authentication token so it doesn't have to deal with passwords. This is not an omission, they didn't just forget that someone might want to change their password, I'm 100% sure that this was intentional. The moment you start dealing with passwords for a second more than absolutely necessary you're doing it wrong.

This would be security hole the size of the Marina Trench.

You'd either have to:

Store the password on the device

Let users who don't know the password change it.

If you're considering the first one you might as well tell as your password now - it's so bad I can't even find words to explain it.

The second one is just as dangerous. Rooted users (and thus apps) can access your authentication tokens. But that's alright since they're easily revoked and they can't access your authentication settings. Now, if you allow users to change passwords using anything other than the web interface and let them not have to enter their password you have the aforementioned hole in your system.

+1 I like your approach it made me smile (with your serious point acknowledged). Let me get my head around what you're saying and I'll come back.
–
therobyouknowJul 23 '12 at 8:14

Thanks for this. I can still open a full desktop version of gmail on my phone and change the password in there, as @roxan advises. This would not be storing the password on the phone and your point about security are enlightening. Thanks.
–
therobyouknowJul 24 '12 at 11:17